Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: s390: Avoid using a global register for the currentstackpointer. The commit 30de14b1884b “s390: The currentstackpointer should not be a function” changed the currentstackpointer to a global register variable, as is common on many...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: KVM: s390: pv: fix index value of replaced ASCE The index field of the struct page corresponding to a guest ASCE should be 0. When replacing the ASCE in s390replaceasce, the index of the new ASCE should also be set to 0. Using th...

SUSE SLES16 Security Update : kernel (SUSE-SU-2026:21845-1)

The remote SUSE Linux SLES16 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:21845-1 advisory. The SUSE Linux Enterprise 16.0 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2023-2058:...

CVE-2026-45981

A flaw was found in the Linux kernel, specifically within the s390/cio component. This vulnerability stems from incorrect device lifecycle management during subchannel allocation. This could allow an attacker to trigger use-after-free or double-free conditions, potentially leading to system...

CVE-2026-45981

In the Linux kernel, the following vulnerability has been resolved: s390/cio: Fix device lifecycle handling in cssallocsubchannel cssallocsubchannel calls deviceinitialize before setting up the DMA masks. If dmasetcoherentmask or dmasetmask fails, the error path frees the subchannel structure...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fixed an issue where the HCAPORTS component was unregistered twice. Clear the hcadevcomcomp field in the device’s private data after unregistering it during the LAG teardown. Otherwise, a slightly delayed second pass...

Astra Linux - уязвимость в linux, linux-5.10

A flaw was discovered in the s390 eBPF JIT mechanism within bpfjitinsn in the arch/s390/net/bpfjitcomp.c file of the Linux kernel. In this flaw, a local attacker with special user privileges can bypass the verifier, potentially leading to confidentiality issues...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: s390/dasd: Fixed the issue of invalid dereferencing of indirect CCW data pointers. The issue occurred in dasdeckddumpsense, where an invalid dereferencing of the indirect CCW data pointer led to a kernel panic in certain error...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: s390/cio: A race condition during online processing has been fixed. There is a race condition in the ccwdevicesetonline function, which can cause the online process to fail, leaving the affected device in an inconsistent state. A...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: s390/vmem: Split pages when debug pagealloc is enabled. Since commit bb1520d581a3 “s390/mm: Start kernel with DAT enabled”, the kernel crashes early during boot when debug pagealloc is enabled. Symptoms: - Memory initialization:...

CVE-2026-31568

A flaw was found in the Linux kernel. This vulnerability, located in the s390/mm component, is due to missing secure storage access fixups for memory donated to the Ultravisor. When secure storage access exceptions occur for such memory, the kernel can enter an unresolvable loop. This can lead to...

CVE-2026-31568

In the Linux kernel, the following vulnerability has been resolved: s390/mm: Add missing secure storage access fixups for donated memory There are special cases where secure storage access exceptions happen in a kernel context for pages that don't have the PGarch1 bit set. That bit is set for...

CVE-2026-31568

Summary: CVE-2026-31568 affects the Linux kernel s390/mm, where donated memory to the Ultravisor lacked PG_arch_1-safe export handling. The root cause is that secure storage access exceptions can occur for such pages, previously mid-flight exporting the page via arch_make_folio_accessible() would...

s390/syscalls: Add spectre boundary for syscall dispatch table

...

EUVD-2026-24844

In the Linux kernel, the following vulnerability has been resolved: s390/entry: Scrub r12 register on kernel entry Before commit f33f2d4c7c80 "s390/bp: remove TIFISOLATEBP", all entry handlers loaded r12 with the current task pointer lg %r12,LCCURRENT for use by the BPENTER/BPEXIT macros. That...

Security Bulletin: Communications Server (CS) for Data Center Deployment, CS for Linux, and CS for Linux on System z are affected by: IBM Java: Buffer overflow vulnerability in OMR allows denial-of-service

Summary Communications Server CS for Data Center Deployment, CS for Linux, and CS for Linux on System z install a local Java JRE in its product directories. This JRE is used solely for the IBM Key Manager ikeyman tool which is called by the snakeyman script used for managing the SSL key database...

Security Bulletin: Communications Server (CS) for Data Center Deployment, CS for Linux, and CS for Linux on System z are affected by: IBM SDK, Java Technology Edition Quarterly CPU - Oct 2025 - Includes Oracle October 2025 CPU

Summary Communications Server CS for Data Center Deployment, CS for Linux, and CS for Linux on System z install a local Java JRE in its product directories. This JRE is used solely for the IBM Key Manager ikeyman tool which is called by the snakeyman script used for managing the SSL key database...

Security Bulletin: Communications Server (CS) for Data Center Deployment, CS for Linux, and CS for Linux on System z are affected by: IBM SDK, Java Technology Edition Quarterly CPU - Jul 2025 - Includes Oracle July 2025 CPU

Summary Communications Server CS for Data Center Deployment, CS for Linux, and CS for Linux on System z install a local Java JRE in its product directories. This JRE is used solely for the IBM Key Manager ikeyman tool which is called by the snakeyman script used for managing the SSL key database...

Security Bulletin: Communications Server (CS) for Data Center Deployment, CS for Linux, and CS for Linux on System z are affected by: IBM SDK, Java Technology Edition Quarterly CPU - Apr 2025 - Includes Oracle April 2024 CPU plus CVE-2025-4447

Summary Communications Server CS for Data Center Deployment, CS for Linux, and CS for Linux on System z install a local Java JRE in its product directories. This JRE is used solely for the IBM Key Manager ikeyman tool which is called by the snakeyman script used for managing the SSL key database...

SUSE-SU-2026:0832-1 Security update for qemu

This update for qemu fixes the following issues: Security issue: - CVE-2025-14876: qemu-kvm: Unbounded allocation in virtio-crypto bsc1255400. Non security issues: - hw/virtio: Also include md stubs in case CONFIGVIRTIOPCI is not set jscPED-14271. - s390x/pv: prepare for memory devices...